>Does anyone know anything about the "safe harbor" framework which
US "firms"
>sign up to? Looking through the lists and "industry sectors" on the website
>I can't see a single public organisation - does this mean that public
>organisations e.g universities can't sign up to it, and hence none of them
>are bound by data protection principles? I'm thinking about the possibility
>of transferring personal data to recipients at other universities. It seems
>odd that there is no obligation or option for public organisations to sign
>up too.
>Regards
>Lucy Fincham
Lucy
Comparatively few organisations have signed up to Safe Harbor. As has
already been said, it is not binding and was set up as a way of expediting
trade – and is therefore very much focussed on industry rather than the
public sector.
However, personal information can still be transferred to the USA - and
adequately protected - even when Safe Harbor protections are not in place.
In any given case, it is for the Data Controller to assess whether there
are appropriate safeguards for the processing (the ICO would only
expect/need to approve these in exceptional circumstances). They should
take into account factors such as:
- the nature of the personal data (the more sensitive or valuable the
information, the greater the safeguards should be)
- the purposes for which the data will be processed
- laws in force. The USA is not recognised as a ‘safe’ country because it
does not have federal data protection laws, but there may be state laws in
place that will cover the receiving organisation and give protection
- enforceable codes of conduct which will apply to the recipient
organisation
- extra security measures or contracts put in place to protect the data
subject.
The ICO has useful guidelines on “International transfers of personal
information: General advice on how to comply with the eighth data
protection principle” on their website.
Hope that helps
Simon
Simon Richardson
Information Governance Officer
Gateshead PCT
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|